With the development of communication technologies, digital television has become popular and the number of digital television users is gradually increasing. A set-top box (digital video converting box) is one of the devices required for using digital television. However, the access identities of set-top boxes are frequently stolen. To protect the interests of consumers and manufacturers, the prior art provides some solutions for verifying the access identities of set-top boxes. The solution mainly used for verifying the access identity of a set-top box is a digest verification solution.
Specifically, the digest verification solution is as follows:
1. A set-top box sends verification information, such as a user serial number and a password, to an authentication server.
2. After checking that the verification information is correct, the authentication server sends a challenge message to the set-top box.
3. After receiving the challenge message from the authentication server, the set-top box sends a verification response message to the authentication server.
4. The authentication server generates a digest by using a digest algorithm according to the received verification information and matches the digest with a corresponding application server.
5. The authentication server selects an application server according to the result of the matching and sends the user serial number and a login token to the selected application server.
6. The authentication server sends a login success message to the set-top box. The login token included in the login success message is the same as the login token sent by the authentication server to the application server.
7. The set-top box sends a request message to the application server. The request message includes the user serial number and a login token, and this login token is the same as the one sent by the authentication server to the set-top box.
8. After receiving the request message from the set-top box, the application server matches the user serial number and the login token sent by the authentication server against the user serial number and the login token in the request message. If the two are the same, the application server sends service data to the set-top box and the set-top box starts to provide a service to the user.
9. After the service completes normally, the set-top box sends a logout request to the authentication server and the application server, and the authentication server and the application server delete the previous login token.
During the process of implementing the foregoing invention, the inventor found that the prior art has at least the following problems:
According to this solution, the digest used in verifying an identity is generated by a digest algorithm whose input appears as corresponding plain text information in a network exchange packet before the digest information is sent. The digest algorithm can therefore be easily stolen, which reduces the accuracy of access identity authentication. Moreover, the digest algorithm cannot be updated, and once it is decoded, the access identity of a true user will always be stolen, which reduces the security of access identity authentication.
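The exchange described above and the problem identified with it can be modeled in a few lines; this is an added example, not code from the original document. It runs one login between a set-top box, an authentication server and an application server, and records every message so that the digest's inputs can be compared with what already crossed the network. Assumptions: SHA-256 stands in for the unspecified digest algorithm, the verification response is assumed to carry the digest, and all class names, function names, field layouts and sample credentials are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def digest(serial, password, challenge):
    # Assumption: SHA-256 stands in for the unspecified digest algorithm.
    return hashlib.sha256(f"{serial}|{password}|{challenge}".encode()).hexdigest()

class AppServer:
    def __init__(self):
        self.tokens = {}                      # serial -> login token from the auth server
    def register(self, serial, token):
        self.tokens[serial] = token
    def request(self, serial, token):
        # Serve only if serial and token match what the auth server sent.
        known = self.tokens.get(serial)
        return known is not None and hmac.compare_digest(known, token)
    def logout(self, serial):
        self.tokens.pop(serial, None)         # delete the previous login token

class AuthServer:
    def __init__(self, accounts, app):
        self.accounts, self.app, self.pending = accounts, app, {}
    def verify(self, serial, password):
        if self.accounts.get(serial) != password:
            return None
        self.pending[serial] = secrets.token_hex(8)
        return self.pending[serial]           # challenge message
    def respond(self, serial, response):
        challenge = self.pending.pop(serial, None)
        if challenge is None:
            return None
        expected = digest(serial, self.accounts[serial], challenge)
        if not hmac.compare_digest(expected, response):
            return None
        token = secrets.token_hex(16)
        self.app.register(serial, token)      # same token goes to both sides
        return token                          # login success message

def run_session(serial, password, accounts):
    """Run one login; return (wire log, application server, login token)."""
    auth = AuthServer(accounts, AppServer())
    wire = [("stb->auth", serial, password)]  # verification info in plain text
    challenge = auth.verify(serial, password)
    wire.append(("auth->stb", challenge))
    response = digest(serial, password, challenge)
    wire.append(("stb->auth", response))
    token = auth.respond(serial, response)
    return wire, auth.app, token
```

Every input to digest() is present in the wire log before the response is sent, so the digest adds no information that the exchanged packets did not already carry.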